Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2006-5296

Published: 16/10/2006 Updated: 19/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted malicious users to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft powerpoint 2003

Exploits

Exploit DB: Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC)
#!/bin/perl # #PPT 0day poc # #OFFICE 2003 full Patch # #3001afbc 8b01 mov eax,[ecx] ds:0023:00000000=???????? #3001afbe 56 push esi #3001afbf ff5014 call dword ptr [eax+0x14] #try control ecx:P #Maybe can Exploit # # #nanika@chrootorg #naninb@gmailcom #wwwchrootorg my $ppt ...

References

NVD-CWE-Otherhttp://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspxhttp://www.securityfocus.com/bid/20495http://securitytracker.com/id?1017059http://secunia.com/advisories/22394http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553http://www.osvdb.org/29720http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspxhttp://research.eeye.com/html/alerts/zeroday/20061012_2.htmlhttp://www.vupen.com/english/advisories/2006/4031https://exchange.xforce.ibmcloud.com/vulnerabilities/29507https://www.exploit-db.com/exploits/2523https://nvd.nist.govhttps://www.exploit-db.com/exploits/2523/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook